Vulnerabilities > CVE-2004-1645 - Multiple vulnerability in Jerod Moemeka Xedus 1.0
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Cross-site scripting (XSS) vulnerability in Xedus 1.0 allows remote attackers to execute arbitrary web script or HTML via the (1) username parameter to test.x, (2) username parameter to TestServer.x, or (3) param parameter to testgetrequest.x.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description Xedus Web Server 1.0 testgetrequest.x username Parameter XSS. CVE-2004-1645. Remote exploit for windows platform id EDB-ID:24418 last seen 2016-02-02 modified 2004-09-30 published 2004-09-30 reporter James Bercegay source https://www.exploit-db.com/download/24418/ title Xedus Web Server 1.0 testgetrequest.x username Parameter XSS description Xedus Web Server 1.0 test.x username Parameter XSS. CVE-2004-1645. Remote exploit for windows platform id EDB-ID:24417 last seen 2016-02-02 modified 2004-09-30 published 2004-09-30 reporter James Bercegay source https://www.exploit-db.com/download/24417/ title Xedus Web Server 1.0 test.x username Parameter XSS
Nessus
NASL family | Peer-To-Peer File Sharing |
NASL id | XEDUS_XSS.NASL |
description | The remote host runs Xedus Peer-to-Peer web server. This version is vulnerable to cross-site scripting attacks. With a specially crafted URL, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 14647 |
published | 2004-09-03 |
reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/14647 |
title | Xedus Webserver Multiple XSS |
code |
|